NATO publishes a how-to manual for cyber warfare

In recent years, it’s common to believe that cyber warfare could act as an inevitable future of international conflict. It’s a notion that has only become more entrenched since the discoveries of various hacking and malware attacks as state-sponsored efforts. But, if the digital battleground is to take more importance in modern warfare, do the old rules regarding conflict still apply?

This isn’t an entirely hypothetical or theoretical question, and thankfully, NATO has stepped in to answer. The result is a new series of legal guidelines written by legal experts from multiple countries in conjunction with the International Committee of the Red Cross and the U.S. Cyber Command, following an invitation by NATO’s Co-operative Cyber Defense Center of Excellence. In short, it’s the new rules of war for a new type of war.

The guidelines – which contain 95 “black letter rules” about digital warfare – took three years to write, and attempt to put online attacks into an internationally-recognized legal framework to clarify issues that still seem complicated and difficult to untangle. For example: Anyone who engages in “hackitivism” during a war can be defined as a legitimate target, according to the new rules, despite their civilian status. Colonel Kirby Abbot, an assistant legal adviser at NATO, says the manual containing the guidelines is “the most important document in the law of cyber-warfare.”

Amongst the rules laid out in the guidelines:

Even if a cyber attack originates from a known government network, that is not enough to classify the attack as originating from the state itself. Instead, it is “an indication that the state in question is associated with the operation.”

However, while “no international armed conflict has been publicly characterized as having been solely precipitated in cyberspace… cyber operations alone might have the potential to cross the threshold of international armed conflict.”

Targets of future state-sponsored cyber-attacks should be carefully chosen in order to avoid civilian casualties, the report warns. “In order to avoid the release of dangerous forces and consequent severe losses among the civilian population, particular care must be taken during cyber-attacks against works and installations containing dangerous forces, namely dams, dykes and nuclear electrical generating stations, as well as installations located in their vicinity.” Similarly out of bounds are hospitals and other medical units are already covered by existing warfare rules.

Note that these guidelines are just that: Guidelines – and not particularly set-in-stone rules. The document is not classified as an official NATO document or rulebook, but instead just a series of independently-created and published advisories to bear in mind by the member states when considering this matter.

On one hand, there’s something surprisingly civilized about the whole thing. Conversely, if things were truly civilized, we’re not sure there is any need for this kind of thing at all.